docker-scraper icon indicating copy to clipboard operation
docker-scraper copied to clipboard
verified publisher icon nichelia

Bump the pip group across 1 directory with 8 updates

Open dependabot[bot] opened this issue 11 months ago • 0 comments

Bumps the pip group with 8 updates in the / directory:

Package From To
pillow 4.1.1 10.3.0
scrapy 1.4.0 2.11.2
twisted 17.5.0 24.7.0rc1
cryptography 1.9 44.0.1
lxml 3.8.0 4.9.1
pyopenssl 17.0.0 25.0.0
pymongo 3.4.0 4.6.3
scrapy-splash 0.7.2 0.8.0

Updates pillow from 4.1.1 to 10.3.0

Release notes

Sourced from pillow's releases.

10.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html

Deprecations

  • Deprecate eval(), replacing it with lambda_eval() and unsafe_eval() #7927 [@​hugovk]
  • Deprecate ImageCms constants and versions() function #7702 [@​nulano]

Changes

... (truncated)

Changelog

Sourced from pillow's changelog.

10.3.0 (2024-04-01)

  • CVE-2024-28219: Use strncpy to avoid buffer overflow #7928 [radarhere, hugovk]

  • Deprecate eval(), replacing it with lambda_eval() and unsafe_eval() #7927 [radarhere, hugovk]

  • Raise ValueError if seeking to greater than offset-sized integer in TIFF #7883 [radarhere]

  • Add --report argument to __main__.py to omit supported formats #7818 [nulano, radarhere, hugovk]

  • Added RGB to I;16, I;16L, I;16B and I;16N conversion #7918, #7920 [radarhere]

  • Fix editable installation with custom build backend and configuration options #7658 [nulano, radarhere]

  • Fix putdata() for I;16N on big-endian #7209 [Yay295, hugovk, radarhere]

  • Determine MPO size from markers, not EXIF data #7884 [radarhere]

  • Improved conversion from RGB to RGBa, LA and La #7888 [radarhere]

  • Support FITS images with GZIP_1 compression #7894 [radarhere]

  • Use I;16 mode for 9-bit JPEG 2000 images #7900 [scaramallion, radarhere]

  • Raise ValueError if kmeans is negative #7891 [radarhere]

  • Remove TIFF tag OSUBFILETYPE when saving using libtiff #7893 [radarhere]

  • Raise ValueError for negative values when loading P1-P3 PPM images #7882 [radarhere]

  • Added reading of JPEG2000 palettes #7870 [radarhere]

  • Added alpha_quality argument when saving WebP images #7872 [radarhere]

... (truncated)

Commits
  • 5c89d88 10.3.0 version bump
  • 63cbfcf Update CHANGES.rst [ci skip]
  • 2776126 Merge pull request #7928 from python-pillow/lcms
  • aeb51cb Merge branch 'main' into lcms
  • 5beb0b6 Update CHANGES.rst [ci skip]
  • cac6ffa Merge pull request #7927 from python-pillow/imagemath
  • f5eeeac Name as 'options' in lambda_eval and unsafe_eval, but '_dict' in deprecated eval
  • facf3af Added release notes
  • 2a93aba Use strncpy to avoid buffer overflow
  • a670597 Update CHANGES.rst [ci skip]
  • Additional commits viewable in compare view

Updates scrapy from 1.4.0 to 2.11.2

Release notes

Sourced from scrapy's releases.

2.11.2

Mostly bug fixes, including security bug fixes.

See the full changelog.

2.11.1

  • Security bug fixes.
  • Support for Twisted >= 23.8.0.
  • Documentation improvements.

See the full changelog.

2.11.0

  • Spiders can now modify settings in their from_crawler methods, e.g. based on spider arguments.
  • Periodic logging of stats.
  • Bug fixes.

See the full changelog.

2.10.1

Marked Twisted >= 23.8.0 as unsupported.

2.10.0

  • Added Python 3.12 support, dropped Python 3.7 support.
  • The new add-ons framework simplifies configuring 3rd-party components that support it.
  • Exceptions to retry can now be configured.
  • Many fixes and improvements for feed exports.

See the full changelog.

2.9.0

  • Per-domain download settings.
  • Compatibility with new cryptography and new parsel.
  • JMESPath selectors from the new parsel.
  • Bug fixes.

See the full changelog.

2.8.0

This is a maintenance release, with minor features, bug fixes, and cleanups.

See the full changelog.

2.7.1

  • Relaxed the restriction introduced in 2.6.2 so that the Proxy-Authentication header can again be set explicitly in certain cases, restoring compatibility with scrapy-zyte-smartproxy 2.1.0 and older
  • Bug fixes

See the full changelog

2.7.0

... (truncated)

Changelog

Sourced from scrapy's changelog.

Scrapy 2.11.2 (2024-05-14)

Security bug fixes


-   Redirects to non-HTTP protocols are no longer followed. Please, see the
    `23j4-mw76-5v7h security advisory`_ for more information. (:issue:`457`)

.. _23j4-mw76-5v7h security advisory: https://github.com/scrapy/scrapy/security/advisories/GHSA-23j4-mw76-5v7h



    

  • 

    The Authorization header is now dropped on redirects to a different
scheme (http:// or https://) or port, even if the domain is the
same. Please, see the 4qqq-9vqf-3h3f security advisory_ for more
information.
    

    .. _4qqq-9vqf-3h3f security advisory: https://github.com/scrapy/scrapy/security/advisories/GHSA-4qqq-9vqf-3h3f
    

    • 

  • 

    When using system proxy settings that are different for http:// and
https://, redirects to a different URL scheme will now also trigger the
corresponding change in proxy settings for the redirected request. Please,
see the jm3v-qxmh-hxwv security advisory_ for more information.
(:issue:767)
    

    .. _jm3v-qxmh-hxwv security advisory: https://github.com/scrapy/scrapy/security/advisories/GHSA-jm3v-qxmh-hxwv
    

    • 

  • 

    :attr:Spider.allowed_domains <scrapy.Spider.allowed_domains> is now
enforced for all requests, and not only requests from spider callbacks.
(:issue:1042, :issue:2241, :issue:6358)
    

    • 

  • 

    :func:~scrapy.utils.iterators.xmliter_lxml no longer resolves XML
entities. (:issue:6265)
    

    • 

  • 

    defusedxml_ is now used to make
:class:scrapy.http.request.rpc.XmlRpcRequest more secure.
(:issue:6250, :issue:6251)
    

    .. _defusedxml: https://github.com/tiran/defusedxml
    

    • 



Bug fixes



-   Restored support for brotlipy_, which had been dropped in Scrapy 2.11.1 in
    favor of brotli_. (:issue:`6261`)

.. note:: brotlipy is deprecated, both in Scrapy and upstream. Use brotli
    instead if you can.



    

  • Make :setting:METAREFRESH_IGNORE_TAGS ["noscript"] by default. This
prevents
</tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
    • 



<ul>
<li><a href="https://github.com/scrapy/scrapy/commit/e8cb5a03b382b98f2c8945355076390f708b918d"><code>e8cb5a0</code></a> Bump version: 2.11.1 → 2.11.2</li>
<li><a href="https://github.com/scrapy/scrapy/commit/2c031f4061ae9bf486cc9e2a699355450638e8c2"><code>2c031f4</code></a> Set the release date of 2.11.2</li>
<li><a href="https://github.com/scrapy/scrapy/commit/3ffa17c0204deb3bdf2c7c60f5a56c9f777698c6"><code>3ffa17c</code></a> Use posargs for pypy3-pinned</li>
<li><a href="https://github.com/scrapy/scrapy/commit/c6a8f0e4d945622a7e71adf635e272b66eddbbd0"><code>c6a8f0e</code></a> Update VERSION references</li>
<li><a href="https://github.com/scrapy/scrapy/commit/60d2577284128cd0cf4af54745730da4a9005177"><code>60d2577</code></a> Merge remote-tracking branch '23j4/2.11.2-release-notes' into 2.11</li>
<li><a href="https://github.com/scrapy/scrapy/commit/36287cb665ab4b0c65fd53181c9a0ef04990ada6"><code>36287cb</code></a> Merge branch 'redirect-protocols' into 2.11</li>
<li><a href="https://github.com/scrapy/scrapy/commit/f138d5d1450ef38ee077c2472c136c70d8d673e8"><code>f138d5d</code></a> Merge branch 'environ-proxy-protocol' into 2.11</li>
<li><a href="https://github.com/scrapy/scrapy/commit/1d0502f25bbe55a22899af915623fda1aaeb9dd8"><code>1d0502f</code></a> Merge branch 'advisory-fix' into 2.11</li>
<li><a href="https://github.com/scrapy/scrapy/commit/bb948af00babe545a7fb52700f4ba1424d206677"><code>bb948af</code></a> Release notes for 2.11.2 (<a href="https://redirect.github.com/scrapy/scrapy/issues/6359">#6359</a>)</li>
<li><a href="https://github.com/scrapy/scrapy/commit/5ad9433dd59cd8436ce33bf2c44796516eef4c3c"><code>5ad9433</code></a> Merge remote-tracking branch 'scrapy/2.11' into 2.11</li>
<li>Additional commits viewable in <a href="https://github.com/scrapy/scrapy/compare/1.4.0...2.11.2">compare view</a></li>
</ul>
</details>


<br />



Updates twisted from 17.5.0 to 24.7.0rc1



Release notes

Sourced from twisted's releases.




Twisted 24.7.0rc1 (2024-07-29)


Features


    

  • twisted.protocols.ftp now supports the IPv6 extensions defined in RFC 2428. (#9645)
    • 

  • twisted.internet.defer.inlineCallbacks can now yield a coroutine. (#9972)
    • 

  • twisted.python._shellcomp.ZshArgumentsGenerator was updated for Python 3.13. (#12065)
    • 

  • twisted.web.wsgi request environment now contains the peer port number as REMOTE_PORT. (#12096)
    • 

  • twisted.internet.defer.Deferred.callback() and twisted.internet.defer.Deferred.addCallbacks() no longer use assert to check the type of the arguments. You should now use type checking to validate your code. These changes were done to reduce the CPU usage. (#12122)
    • 

  • Added two new methods, twisted.logger.Logger.failuresHandled and twisted.logger.Logger.failureHandler, which allow for more concise and convenient handling of exceptions when dispatching out to application code.  The former can arbitrarily customize failure handling at the call site, and the latter can be used for performance-sensitive cases where no additional information needs to be logged. (#12188)
    • 

  • twisted.internet.defer.Deferred.addCallback now runs about 10% faster. (#12223)
    • 

  • twisted.internet.defer.Deferred error handling is now faster, taking 40% less time to run. (#12227)
    • 



Bugfixes


    

  • twisted.internet.ssl.Certificate.repr can now handle certificates without a common name (CN) in the certificate itself or the signing CA. (#5851)
    • 

  • Type annotations have been added to twisted.conch.interfaces.IKnownHostEntry and its implementations, twisted.conch.client.knownhosts.PlainHost and twisted.conch.client.knownhosts.HashedHost, correcting a variety of type confusion issues throughout the conch client code. (#9713)
    • 

  • twisted.python.failure.Failure once again utilizes the custom pickling logic it used to in the past. (#12112)
    • 

  • twisted.conch.client.knownhosts.KnownHostsFile.verifyHostKey no longer logs an exception when automatically adding an IP address host key, which means the interactive conch command-line no longer will either. (#12141)
    • 



Improved Documentation


    

  • The IRC server example found in the documentation was updated for readability. (#12097)
    • 

  • Remove contextvars from list of optional dependencies. (#12128)
    • 

  • The documentation for installing Twisted was moved into a single page. (#12145)
    • 

  • The project's compatibility policy now clearly indicates that the GitHub Actions test matrix defines the supported platforms. (#12167)
    • 

  • Updated imap4client.py example, it no longer references Python 2. (#12252)
    • 



Deprecations and Removals


    

  • twisted.internet.defer.returnValue has been deprecated. You can replace it with the standard return statement. (#9930)
    • 

  • The twisted-iocpsupport is no longer a hard dependency on Windows.
The IOCP support is now installed together with the other Windows soft
dependencies via twisted[windows-platform]. (#11893)
    • 

  • twisted.python.deprecate helper function will now always strip whitespaces from the docstrings.
This is done to have the same behaviour as with Python 3.13. (#12063)
    • 

  • twisted.conch.manhole.ManholeInterpreter.write, twisted.conch.manhole.ManholeInterpreter.addOutput, twisted.mail.imap4.IMAP4Server.sendUntaggedResponse async argument, deprecated since 18.9.0, has been removed. (#12130)
    • 

  • twisted.web.soap was removed.
The SOAP support was already broken, for at least the last 4 years.
The SOAP support in Twisted has no active maintainer. (#12146)
    • 






... (truncated)





Changelog

Sourced from twisted's changelog.




Twisted 24.7.0rc1 (2024-07-29)


Features


    

  • twisted.protocols.ftp now supports the IPv6 extensions defined in RFC 2428. (#9645)
    • 

  • twisted.internet.defer.inlineCallbacks can now yield a coroutine. (#9972)
    • 

  • twisted.python._shellcomp.ZshArgumentsGenerator was updated for Python 3.13. (#12065)
    • 

  • twisted.web.wsgi request environment now contains the peer port number as REMOTE_PORT. (#12096)
    • 

  • twisted.internet.defer.Deferred.callback() and twisted.internet.defer.Deferred.addCallbacks() no longer use assert to check the type of the arguments. You should now use type checking to validate your code. These changes were done to reduce the CPU usage. (#12122)
    • 

  • Added two new methods, twisted.logger.Logger.failuresHandled and twisted.logger.Logger.failureHandler, which allow for more concise and convenient handling of exceptions when dispatching out to application code.  The former can arbitrarily customize failure handling at the call site, and the latter can be used for performance-sensitive cases where no additional information needs to be logged. (#12188)
    • 

  • twisted.internet.defer.Deferred.addCallback now runs about 10% faster. (#12223)
    • 

  • twisted.internet.defer.Deferred error handling is now faster, taking 40% less time to run. (#12227)
    • 



Bugfixes


    

  • twisted.internet.ssl.Certificate.repr can now handle certificates without a common name (CN) in the certificate itself or the signing CA. (#5851)
    • 

  • Type annotations have been added to twisted.conch.interfaces.IKnownHostEntry and its implementations, twisted.conch.client.knownhosts.PlainHost and twisted.conch.client.knownhosts.HashedHost, correcting a variety of type confusion issues throughout the conch client code. (#9713)
    • 

  • twisted.python.failure.Failure once again utilizes the custom pickling logic it used to in the past. (#12112)
    • 

  • twisted.conch.client.knownhosts.KnownHostsFile.verifyHostKey no longer logs an exception when automatically adding an IP address host key, which means the interactive conch command-line no longer will either. (#12141)
    • 



Improved Documentation


    

  • The IRC server example found in the documentation was updated for readability. (#12097)
    • 

  • Remove contextvars from list of optional dependencies. (#12128)
    • 

  • The documentation for installing Twisted was moved into a single page. (#12145)
    • 

  • The project's compatibility policy now clearly indicates that the GitHub Actions test matrix defines the supported platforms. (#12167)
    • 

  • Updated imap4client.py example, it no longer references Python 2. (#12252)
    • 



Deprecations and Removals


    

  • twisted.internet.defer.returnValue has been deprecated. You can replace it with the standard return statement. (#9930)
    • 

  • The twisted-iocpsupport is no longer a hard dependency on Windows.
The IOCP support is now installed together with the other Windows soft
dependencies via twisted[windows-platform]. (#11893)
    • 

  • twisted.python.deprecate helper function will now always strip whitespaces from the docstrings.
This is done to have the same behaviour as with Python 3.13. (#12063)
    • 

  • twisted.conch.manhole.ManholeInterpreter.write, twisted.conch.manhole.ManholeInterpreter.addOutput, twisted.mail.imap4.IMAP4Server.sendUntaggedResponse async argument, deprecated since 18.9.0, has been removed. (#12130)
    • 

  • twisted.web.soap was removed.
The SOAP support was already broken, for at least the last 4 years.
The SOAP support in Twisted has no active maintainer. (#12146)
    • 






... (truncated)





Commits






Updates cryptography from 1.9 to 44.0.1



Changelog

Sourced from cryptography's changelog.




44.0.1 - 2025-02-11



* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.4.1.
* We now build ``armv7l`` ``manylinux`` wheels and publish them to PyPI.
* We now build ``manylinux_2_34`` wheels and publish them to PyPI.

.. _v44-0-0:


44.0.0 - 2024-11-27



    

  • BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.9.
    • 

  • Deprecated Python 3.7 support. Python 3.7 is no longer supported by the
Python core team. Support for Python 3.7 will be removed in a future
cryptography release.
    • 

  • Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.4.0.
    • 

  • macOS wheels are now built against the macOS 10.13 SDK. Users on older
versions of macOS should upgrade, or they will need to build
cryptography themselves.
    • 

  • Enforce the :rfc:5280 requirement that extended key usage extensions must
not be empty.
    • 

  • Added support for timestamp extraction to the
:class:~cryptography.fernet.MultiFernet class.
    • 

  • Relax the Authority Key Identifier requirements on root CA certificates
during X.509 verification to allow fields permitted by :rfc:5280 but
forbidden by the CA/Browser BRs.
    • 

  • Added support for :class:~cryptography.hazmat.primitives.kdf.argon2.Argon2id
when using OpenSSL 3.2.0+.
    • 

  • Added support for the :class:~cryptography.x509.Admissions certificate extension.
    • 

  • Added basic support for PKCS7 decryption (including S/MIME 3.2) via
:func:~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_der,
:func:~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_pem, and
:func:~cryptography.hazmat.primitives.serialization.pkcs7.pkcs7_decrypt_smime.
    • 



.. _v43-0-3:


43.0.3 - 2024-10-18



* Fixed release metadata for ``cryptography-vectors``

.. _v43-0-2:


43.0.2 - 2024-10-18



    

  • Fixed compilation when using LibreSSL 4.0.0.
    • 



.. _v43-0-1:





... (truncated)





Commits






Updates lxml from 3.8.0 to 4.9.1



Changelog

Sourced from lxml's changelog.




4.9.1 (2022-07-01)


Bugs fixed


    

  • A crash was resolved when using iterwalk() (or canonicalize())
after parsing certain incorrect input.  Note that iterwalk() can crash
on valid input parsed with the same parser after failing to parse the
incorrect input.
    • 



4.9.0 (2022-06-01)


Bugs fixed


    

  • GH#341: The mixin inheritance order in lxml.html was corrected.
Patch by xmo-odoo.
    • 



Other changes


    

  • 

    Built with Cython 0.29.30 to adapt to changes in Python 3.11 and 3.12.
    

    • 

  • 

    Wheels include zlib 1.2.12, libxml2 2.9.14 and libxslt 1.1.35
(libxml2 2.9.12+ and libxslt 1.1.34 on Windows).
    

    • 

  • 

    GH#343: Windows-AArch64 build support in Visual Studio.
Patch by Steve Dower.
    

    • 



4.8.0 (2022-02-17)


Features added


    

  • 

    GH#337: Path-like objects are now supported throughout the API instead of just strings.
Patch by Henning Janssen.
    

    • 

  • 

    The ElementMaker now supports QName values as tags, which always override
the default namespace of the factory.
    

    • 



Bugs fixed


    

  • GH#338: In lxml.objectify, the XSI float annotation "nan" and "inf" were spelled in
lower case, whereas XML Schema datatypes define them as "NaN" and "INF" respectively.
    • 






... (truncated)





Commits

    

  • d01872c Prevent parse failure in new test from leaking into later test runs.
    • 

  • d65e632 Prepare release of lxml 4.9.1.
    • 

  • 86368e9 Fix a crash when incorrect parser input occurs together with usages of iterwa...
    • 

  • 50c2764 Delete unused Travis CI config and reference in docs (GH-345)
    • 

  • 8f0bf2d Try to speed up the musllinux AArch64 build by splitting the different CPytho...
    • 

  • b9f7074 Remove debug print from test.
    • 

  • b224e0f Try to install 'xz' in wheel builds, if available, since it's now needed to e...
    • 

  • 897ebfa Update macOS deployment target version from 10.14 to 10.15 since 10.14 starts...
    • 

  • 853c9e9 Prepare release of 4.9.0.
    • 

  • d3f77e6 Add a test for https://bugs.launchpad.net/lxml/+bug/1965070 leaving out the a...
    • 

  • Additional commits viewable in compare view
    • 







Updates pyopenssl from 17.0.0 to 25.0.0



Changelog

Sourced from pyopenssl's changelog.




25.0.0 (2025-01-12)


Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^


Deprecations:
^^^^^^^^^^^^^


Changes:
^^^^^^^^


    

  • Corrected type annotations on Context.set_alpn_select_callback, Context.set_session_cache_mode, Context.set_options, Context.set_mode, X509.subject_name_hash, and X509Store.load_locations.
    • 

  • Deprecated APIs are now marked using warnings.deprecated. mypy will emit deprecation notices for them when used with --enable-error-code deprecated.
    • 



24.3.0 (2024-11-27)


Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^


    

  • Removed the deprecated OpenSSL.crypto.CRL, OpenSSL.crypto.Revoked, OpenSSL.crypto.dump_crl, and OpenSSL.crypto.load_crl. cryptography.x509's CRL functionality should be used instead.
    • 

  • Removed the deprecated OpenSSL.crypto.sign and OpenSSL.crypto.verify. cryptography.hazmat.primitives.asymmetric's signature APIs should be used instead.
    • 



Deprecations:
^^^^^^^^^^^^^


    

  • Deprecated OpenSSL.rand - callers should use os.urandom() instead.
    • 

  • Deprecated add_extensions and get_extensions on OpenSSL.crypto.X509Req and OpenSSL.crypto.X509. These should have been deprecated at the same time X509Extension was. Users should use pyca/cryptography's X.509 APIs instead.
    • 

  • Deprecated OpenSSL.crypto.get_elliptic_curves and OpenSSL.crypto.get_elliptic_curve, as well as passing the reult of them to OpenSSL.SSL.Context.set_tmp_ecdh, users should instead pass curves from cryptography.
    • 

  • Deprecated passing X509 objects to OpenSSL.SSL.Context.use_certificate, OpenSSL.SSL.Connection.use_certificate, OpenSSL.SSL.Context.add_extra_chain_cert, and OpenSSL.SSL.Context.add_client_ca, users should instead pass cryptography.x509.Certificate instances. This is in preparation for deprecating pyOpenSSL's X509 entirely.
    • 

  • Deprecated passing PKey objects to OpenSSL.SSL.Context.use_privatekey and OpenSSL.SSL.Connection.use_privatekey, users should instead pass cryptography priate key instances. This is in preparation for deprecating pyOpenSSL's PKey entirely.
    • 



Changes:
^^^^^^^^


    

  • cryptography maximum version has been increased to 44.0.x.
    • 

  • OpenSSL.SSL.Connection.get_certificate, OpenSSL.SSL.Connection.get_peer_certificate, OpenSSL.SSL.Connection.get_peer_cert_chain, and OpenSSL.SSL.Connection.get_verified_chain now take an as_cryptography keyword-argument. When True is passed then cryptography.x509.Certificate are returned, instead of OpenSSL.crypto.X509. In the future, passing False (the default) will be deprecated.
    • 



24.2.1 (2024-07-20)


Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^


Deprecations:
^^^^^^^^^^^^^


Changes:





... (truncated)





Commits






Updates pymongo from 3.4.0 to 4.6.3



Release notes

Sourced from pymongo's releases.




PyMongo 4.6.3


Community notes: https://www.mongodb.com/community/forums/t/pymongo-4-6-3-release-for-cve-2024-5629/284348


PyMongo 4.6.2


Release notes: https://www.mongodb.com/community/forums/t/pymongo-4-6-2-released/267404


PyMongo 4.6.1


Release notes: https://www.mongodb.com/community/forums/t/pymongo-4-6-1-released/255752


PyMongo 4.6.0


Release notes: https://www.mongodb.com/community/forums/t/pymongo-4-6-0-released/251866


PyMongo 4.5.0


Release notes: https://www.mongodb.com/community/forums/t/pymongo-4-5-0-released/240662


PyMongo 4.4.1


Release notes: https://www.mongodb.com/community/forums/t/pymongo-4-4-1-released/235045


PyMongo 4.4.0


Release notes: https://www.mongodb.com/community/forums/t/pymongo-4-4-released/232211


PyMongo 4.4.0b0


Release notes: https://www.mongodb.com/community/forums/t/pymongo-4-4-0b0-release/210471


PyMongo 4.3.3


Release notes: https://www.mongodb.com/community/forums/t/pymongo-4-3-3-release/200145


PyMongo 4.3.2


Release notes: https://www.mongodb.com/community/forums/t/pymongo-4-3-2-released/194266


PyMongo 4.2.0


Release notes:  https://www.mongodb.com/community/forums/t/pymongo-4-2-0-released/176012


PyMongo 4.2.0b0


Release notes: https://www.mongodb.com/community/forums/t/python-driver-4-2-0-beta-available/168488


PyMongo 4.1.1


Release notes: https://www.mongodb.com/community/forums/t/pymongo-4-1-1-released/157895


PyMongo 4.1.0


Release notes: https://www.mongodb.com/community/forums/t/pymongo-4-1-0-released/156029


PyMongo 4.0.2


Release notes: https://www.mongodb.com/community/forums/t/pymongo-4-0-2-released/150457


PyMongo 4.0.1


Release notes: https://www.mongodb.com/community/forums/t/pymongo-4-0-1-released/135979


PyMongo 4.0


Release notes: https://www.mongodb.com/community/forums/t/pymongo-4-0-released/134677





... (truncated)





Changelog

Sourced from pymongo's changelog.




Changes in Version 4.6.3 (2024/03/27)


PyMongo 4.6.3 fixes the following bug:


    

  • Fixed a potential memory access violation when decoding invalid bson.
    • 



Issues Resolved
...............


See the PyMongo 4.6.3 release notes in JIRA_ for the list of resolved issues
in this release.


.. _PyMongo 4.6.3 release notes in JIRA: https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004&version=38360


Changes in Version 4.6.2 (2024/02/21)


PyMongo 4.6.2 fixes the following bug:


    

  • Fixed a bug appearing in Python 3.12 where "RuntimeError: can't create new thread at interpreter shutdown"
could be written to stderr when a MongoClient's thread starts as the python interpreter is shutting down.
    • 



Issues Resolved
...............


See the PyMongo 4.6.2 release notes in JIRA_ for the list of resolved issues
in this release.


.. _PyMongo 4.6.2 release notes in JIRA: https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004&version=37906


Changes in Version 4.6.1 (2023/11/29)


PyMongo 4.6.1 fixes the following bug:


    

  • Ensure retryable read OperationFailure errors re-raise exception when 0 or NoneType error code is provided.
    • 



Issues Resolved
...............


See the PyMongo 4.6.1 release notes in JIRA_ for the list of resolved issues
in this release.


.. _PyMongo 4.6.1 release notes in JIRA: https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004&version=37138


Changes in Version 4.6.0 (2023/11/01)


PyMongo 4.6 brings a number of improvements including:





... (truncated)





Commits

    

  • 8da192f BUMP 4.6.3
    • 

  • 56b6b6d PYTHON-4305 Fix bson size check (#1564)
    • 

  • 449d0f3 BUMP to 4.6.3.dev0
    • 

  • e04576d DEVPROD-3871 Use teardown_task when there is one function/command (#1533)
    • 

  • cf1c6a1 PYTHON-4219 Prep for 4.6.2 Release (#1530)
    • 

  • d29b2b7 PYTHON-4147 [v4.6]: Silence noisy thread.start() RuntimeError at shutdown (#1...
    • 

  • 0477b9b PYTHON-4077 [v4.6]: Ensure there is a MacOS wheel for Python 3.7 (#1527)
    • 

  • ecad17d BUMP 4.6.2.dev0
    • 

  • 485e0a5 BUMP 4.6.1
    • 

  • 995365c PYTHON-4038 [v4.6]: Ensure retryable read OperationFailures re-raise except...
    • 

  • Additional commits viewable in compare view
    • 







Updates scrapy-splash from 0.7.2 to 0.8.0



Release notes

Sourced from scrapy-splash's releases.




0.8.0


    

  • 

    Security bug fix:
    

    If you use HttpAuthMiddleware (i.e. the http_user and http_pass spider attributes) for Splash authentication, any non-Splash request will expose your credentials to the request target. This includes robots.txt requests sent by Scrapy when the ROBOTSTXT_OBEY setting is set to True.
    

    Use the new SPLASH_USER and SPLASH_PASS settings instead to set your Splash authentication credentials safely.
    

    • 

  • 

    Responses now expose the HTTP status code and headers from Splash as response.splash_response_status and response.splash_response_headers (#158)
    

    • 

  • 

    The meta argument passed to the scrapy_splash.request.SplashRequest constructor is no longer modified (#164)
    

    • 

  • 

    Website responses with 400 or 498 as HTTP status code are no longer handled as the equivalent Splash responses (#158)
    

    • 

  • 

    Cookies are no longer sent to Splash itself (#156)
    

    • 

  • 

    scrapy_splash.utils.dict_hash now also works with obj=None (225793b)
    

    • 

  • 

    Our test suite now includes integration tests (#156) and tests can be run in parallel (6fb8c41)
    

    • 

  • 

    There’s a new ‘Getting help’ section in the README.rst file (#161, #162), the documentation about SPLASH_SLOT_POLICY has been improved (#157) and a typo as been fixed (#121)
    

    • 

  • 

    Made some internal improvements (ee5000d, 25de545, 2aaa79d)
    

    • 








Changelog

Sourced from scrapy-splash's changelog.




0.8.0 (2021-10-05)


    

  • 

    Security bug fix:
    

    If you use HttpAuthMiddleware_ (i.e. the http_user and http_pass
spider attributes) for Splash authentication, any non-Splash request will
expose your credentials to the request target. This includes robots.txt
requests sent by Scrapy when the ROBOTSTXT_OBEY setting is set to
True.
    

    Use the new SPLASH_USER and SPLASH_PASS settings instead to set
your Splash authentication credentials safely.
    

    .. _HttpAuthMiddleware: http://doc.scrapy.org/en/latest/topics/downloader-middleware.html#module-scrapy.downloadermiddlewares.httpauth
    

    • 

  • 

    Responses now expose the HTTP status code and headers from Splash as
response.splash_response_status and
response.splash_response_headers (#158)
    

    • 

  • 

    The meta argument passed to the scrapy_splash.request.SplashRequest
constructor is no longer modified (#164)
    

    • 

  • 

    Website responses with 400 or 498 as HTTP status code are no longer
handled as the equivalent Splash responses (#158)
    

    • 

  • 

    Cookies are no longer sent to Splash itself (#156)
    

    • 

  • 

    scrapy_splash.utils.dict_hash now also works with obj=None
(225793b)
    

    • 

  • 

    Our test suite now includes integration tests (#156) and tests can be run
in parallel (6fb8c41)
    

    • 

  • 

    There’s a new ‘Getting help’ section in the README.rst file (#161,
#162), the documentation about SPLASH_SLOT_POLICY has been improved
(Description%20has%20been%20truncated
    %0A" rel="nofollow" target="_blank" >

dependabot[bot] avatar May 16 '25 10:05 dependabot[bot]